VYPR

AirWave Glass

by Arubanetworks

CVEs (7)

  • CVE-2020-24640CriJan 15, 2021
    risk 0.64cvss 9.8epss 0.03

    There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.

  • CVE-2020-24639CriJan 15, 2021
    risk 0.64cvss 9.8epss 0.07

    There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.

  • CVE-2016-8526HigAug 6, 2018
    risk 0.61cvss 8.8epss 0.10

    Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can…

  • CVE-2017-8946HigFeb 15, 2018
    risk 0.55cvss 8.3epss 0.11

    A Remote Code Execution vulnerability in HPE Aruba AirWave Glass version v1.0.0 and 1.0.1 was found.

  • CVE-2020-24641HigJan 15, 2021
    risk 0.49cvss 7.5epss 0.01

    In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately…

  • CVE-2020-24638HigJan 15, 2021
    risk 0.47cvss 7.2epss 0.03

    Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system.

  • CVE-2016-8527MedAug 6, 2018
    risk 0.44cvss 6.1epss 0.13

    Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative…